Steps for Updating NNR to use DNS only


Does anyone have the steps for updating the MDI Sensor on the Domain Controllers with the Secondary option to use DNS only, to prevent the MDI DC Sensor from using any of the Primary methods of communication?

 

Primary methods:

NTLM over RPC (TCP Port 135)

NetBIOS (UDP port 137)

RDP (TCP port 3389) - only the first packet of Client hello

 

Secondary method:

Queries the DNS server using reverse DNS lookup of the IP address (UDP 53)

 

 

NTLM over RPC* | TCP | 135 | All devices on the network | Inbound
NetBIOS* | UDP | 137 | All devices on the network | Inbound
RDP* | TCP | 3389 | All devices on the network | Inbound
DNS | UDP | 53 | Domain controllers | Outbound

 

 

 

Thanks Roger.

 

1 Reply

@roger_jr Working only with DNS is not supported. You need at least one high certainty method with high success rate to work effectively.
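An added example, not part of the thread and not Microsoft's tooling: a PowerShell check, run on the domain controller hosting the sensor, that reports which of the four NNR methods listed in the question can reach one endpoint, so you can see whether any primary method is available before restricting ports. The function name `Test-NnrMethod` and the address `192.0.2.10` are assumptions made for illustration.

```powershell
# Added example. Run on the domain controller that hosts the MDI sensor.
# 192.0.2.10 is a constructed sample address; pass a real endpoint IP instead.
param(
    [string]$Target = '192.0.2.10'
)

function Test-NnrMethod {
    # Hypothetical helper: probes each NNR method from the thread against one IP.
    param([Parameter(Mandatory)][string]$IPAddress)

    $result = [ordered]@{ IPAddress = $IPAddress }

    # Primary methods over TCP: NTLM over RPC (135) and RDP (3389).
    # This only proves the port accepts a connection, not that the sensor's
    # own name resolution over that method would succeed.
    $tcpMethods = @(
        @{ Name = 'NTLM over RPC (TCP 135)'; Port = 135 },
        @{ Name = 'RDP (TCP 3389)';          Port = 3389 }
    )
    foreach ($m in $tcpMethods) {
        $probe = Test-NetConnection -ComputerName $IPAddress -Port $m.Port `
                     -WarningAction SilentlyContinue
        $result[$m.Name] = [bool]$probe.TcpTestSucceeded
    }

    # Primary method over UDP: NetBIOS (137). nbtstat -A sends a node status
    # query; a returned name table contains suffix entries such as <00> or <20>.
    $nbt = (& nbtstat.exe -A $IPAddress 2>$null | Out-String)
    $result['NetBIOS (UDP 137)'] = $nbt -match '<[0-9A-F]{2}>'

    # Secondary method: reverse DNS lookup (UDP 53) against the configured DNS server.
    $ptr = Resolve-DnsName -Name $IPAddress -Type PTR -DnsOnly `
               -ErrorAction SilentlyContinue
    $ptrName = $ptr | Where-Object { $_.NameHost } |
                   Select-Object -First 1 -ExpandProperty NameHost
    $result['Reverse DNS (UDP 53)'] = [bool]$ptrName
    $result['PTR name']             = $ptrName

    # True when at least one of the three primary methods answered.
    $result['Any primary method'] = $result['NTLM over RPC (TCP 135)'] -or
                                    $result['RDP (TCP 3389)'] -or
                                    $result['NetBIOS (UDP 137)']

    [pscustomobject]$result
}

Test-NnrMethod -IPAddress $Target | Format-List
```

If `Any primary method` is `False` for most endpoints, the sensor is in the DNS-only situation the reply describes as unsupported.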